TY - GEN
T1 - 5G-RNAKA
T2 - 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025
AU - Li, Hui
AU - Li, Haotian
AU - Ma, Chi
AU - Guan, Jingjing
AU - Zeng, Junchi
AU - Feng, Haonan
AU - Zhao, Ziming
N1 - Publisher Copyright:
© 2025 Copyright held by the owner/author(s).
PY - 2025/11/22
Y1 - 2025/11/22
N2 - The 5G-AKA protocol, defined by 3GPP for authentication and key agreement in 5G networks, remains vulnerable to linkability, synchronization failure, and Sequence Number (SQN) exposure attacks. These issues threaten user privacy and service availability. Existing improvements often retain these flaws or cause high overhead due to continued use of the legacy SQN mechanism from 3G. In this paper, we propose 5G-RNAKA, a secure and efficient AKA protocol for 5G systems. Unlike 5G-AKA, 5G-RNAKA eliminates SQN counters and instead utilizes random numbers generated by the Universal Subscriber Identity Module (USIM) in 5G User Equipment (UE) for session identification. This random number is embedded in the reply message from the service network (SN) to prevent replay attacks against the UE. Additionally, by removing the SQN mechanism, 5G-RNAKA enhances user privacy by preventing attackers from linking challenge-response sessions. It also enables the UE to authenticate the SN, effectively mitigating the risk of SN impersonation. We formally verify that 5G-RNAKA achieves its security goals of privacy, authentication, and secrecy using the state-of-the-art formal verification tool, Tamarin Prover. Our implementation and evaluation further demonstrate that 5G-RNAKA improves communication efficiency and reduces storage overhead. While primarily designed for 5G, 5G-RNAKA's features align with emerging trends in 6G authentication, suggesting its potential for adaptation to future 6G architectures.
AB - The 5G-AKA protocol, defined by 3GPP for authentication and key agreement in 5G networks, remains vulnerable to linkability, synchronization failure, and Sequence Number (SQN) exposure attacks. These issues threaten user privacy and service availability. Existing improvements often retain these flaws or cause high overhead due to continued use of the legacy SQN mechanism from 3G. In this paper, we propose 5G-RNAKA, a secure and efficient AKA protocol for 5G systems. Unlike 5G-AKA, 5G-RNAKA eliminates SQN counters and instead utilizes random numbers generated by the Universal Subscriber Identity Module (USIM) in 5G User Equipment (UE) for session identification. This random number is embedded in the reply message from the service network (SN) to prevent replay attacks against the UE. Additionally, by removing the SQN mechanism, 5G-RNAKA enhances user privacy by preventing attackers from linking challenge-response sessions. It also enables the UE to authenticate the SN, effectively mitigating the risk of SN impersonation. We formally verify that 5G-RNAKA achieves its security goals of privacy, authentication, and secrecy using the state-of-the-art formal verification tool, Tamarin Prover. Our implementation and evaluation further demonstrate that 5G-RNAKA improves communication efficiency and reduces storage overhead. While primarily designed for 5G, 5G-RNAKA's features align with emerging trends in 6G authentication, suggesting its potential for adaptation to future 6G architectures.
KW - 5G
KW - 5G-AKA
KW - Authentication and key agreement
KW - Formal analysis
KW - Protocol
UR - https://www.scopus.com/pages/publications/105023858221
U2 - 10.1145/3719027.3744844
DO - 10.1145/3719027.3744844
M3 - Conference contribution
AN - SCOPUS:105023858221
T3 - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
SP - 1634
EP - 1648
BT - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 13 October 2025 through 17 October 2025
ER -